Antifraud solution at Bank24.ru: the secret of the Israeli intelligence services

Tomcat

In the recent history of fraud in the field of remote banking, cases where criminals hack bank systems using their technical imperfections are becoming increasingly rare. A significant stream of today's incidents is associated with abuse and negligence on the part of the clients themselves. In accordance with this trend, the requirements for anti-fraud solutions are also changing. Boris Dyakonov, first deputy chairman of the board, member of the board of directors of Bank24.ru, in an interview with CNews, spoke about the modern tasks of systems to combat financial fraud in the field of remote banking, similar to those that were created at the bank together with the DIS Group company. In Russia, this is one of the first implementations of the NICE Actimize product.

CNews: What business areas are priority for the Bank24.ru company?

Boris Dyakonov: Bank24.ru is a monoliner bank specializing in online banking for entrepreneurs and enterprises. Our target audience is small and medium-sized businesses. We focus on full-fledged online services around the clock.

Bank24.ru operates throughout the country. A branch has been opened in every major city. Today we have five online banks, aimed at different groups of clients (separately for individuals and legal entities, for accountants, etc.). We support a startup button for small and medium-sized businesses (accounting, banking services and the entire back office brought together).

CNews: How do you assess the level of fraud threat in the remote banking sector? What is the scale of the problem?

Boris Dyakonov: In our segment it is worth separating fraud depending on the channel: card transactions, Internet banking, mobile banking, office services - the indicators will be different everywhere. In addition, there will be different reasons for fraud, that is, bottlenecks in the system, as well as the means by which theft is committed. For example, fraudsters used skimming - they stole card data using special equipment attached to an ATM. The information obtained is sufficient to create an exact copy of the card or carry out transactions via the Internet. This is definitely a crime. But the client could have lost the card and not discovered the loss for a long time, and fraudsters thus had the opportunity to use it for their criminal purposes. How to qualify this case?

In the field of Internet banking, it is also difficult to unambiguously determine which theft is solely the fault of the bank, and which is the fault of the client himself. Hacking of bank Internet systems on the client side often occurs. If we deeply analyze each incident, we can see that in most cases this is nothing more than a banal abuse: the director of the enterprise entrusts the key to the Bank-Client system to an accountant (and sometimes to a third-party company that provides accounting services on an outsourcing basis). Unfortunately, employees can be unscrupulous and take advantage of the opportunity to steal money.

There is another popular story - with a deceived beneficiary and with a hired director in the leading role. Its essence is that the director is given the right to make decisions individually, but he turns out to be, for example, a fake and transfers money to unknown accounts. Legally, he is authorized to do this without consulting anyone. And such acts are also regarded as fraud.

CNews: What type of theft is most popular among fraudsters?

Boris Dyakonov: As far as I can tell, the crime pandemic, when money was “stolen” from banks, has subsided. Exceptional, isolated incidents that happen very rarely and therefore attract too much attention only confirm this trend. Today, financial institutions have begun to carry out a fairly effective set of preventive measures. For many years now I have not heard a story about any Russian bank where client money was stolen precisely because of technical gaps and deficiencies in security systems. The vast majority of incidents are related to unauthorized access from the environment: these are various stories about accountants, unscrupulous financial directors, etc.

CNews: How does Russian fraud in the field of remote banking differ from similar fraud in the West?

Boris Dyakonov: Our foreign colleagues understand fraud as card fraud, as well as various types of fraud when obtaining loans. Fraud in Russia is generally all incoming and outgoing transactions that are carried out contrary to the client’s intentions. Card games, too.

CNews: What should an effective anti-fraud system be like?

Boris Dyakonov: Fraud exists not only in banks. As you know, they also steal from grocery stores. I propose to consider what the essence of anti-fraud systems is, using this illustrative example.

The volume of losses of retail food stores due to fraud is approximately 5%. How do they fight fraud, for example, in supermarkets? The main “checkpoint” is security guards who closely monitor buyers. In theory, of course, a retail outlet could install truly reliable equipment, similar to that installed in airports, to prevent an extra bun from being carried under a customer's coat. But this is too expensive and will not be offset by any savings from preventing fraud. There is another option: to increase the powers of the security guards, allowing them, if they suspect theft, to turn out the contents of bags, check pockets (it doesn’t matter that by law they do not have the right to do this; in some of our stores this “anti-fraud” method is actively practiced). Yes, it may be effective, but would you go to a store where you could literally be undressed on the way out?

Fraud can also be described using the example of passenger screening at airports. At the end of the last century, the problem of terrorism worsened in the world, and therefore airlines increased their precautions. Many prohibitions have appeared, the inspection procedure has become long and tedious, and some even consider it humiliating. But air carriers have no choice: either passengers will enjoy a comfortable boarding, or the planes will explode in the air. At first, these requirements really seem too strict, but over time it becomes clear that many restrictions were introduced “just in case.” The requirements are being relaxed because airlines are interested in ensuring that non-hazardous passengers experience as little discomfort as possible.

Now let's move into the world of transactions. Here, the anti-fraud system has exactly the same tasks: it is obliged to catch the “terrorist” (interception of the incident), but at the same time it must cause minimal inconvenience to trustworthy clients. However, everyone understands that the latter will still have their pockets turned out every now and then (false positives), although not as often and not as desperately as with total control.

Why is it bad if the anti-fraud system has a large number of false positives? I’ll tell you a real life incident that I know about first-hand. A group of climbers set off to conquer a very inaccessible height, the mountain is located on the other side of the world. Suddenly, an accident occurs with one of the climbers, he is injured, and in order to take him to the hospital, you need to order a helicopter, the services of which are very expensive. There is not enough cash, there are only funds on bank cards. The expedition members even manage to find some kind of ATM. But they still cannot withdraw money: the bank repeatedly refuses to carry out the transaction because it considers it atypical. Fortunately, someone turned out to have a card that belonged to a small bank that did not use any anti-fraud system. They managed to withdraw the money, and it saved the man’s life.

I will give a positive example of the work of the anti-fraud system (again, allegorical). At some point in time, I often flew on business trips to a certain city. They began to recognize me at the airport and searched me a little less harshly, because neither my luggage nor my behavior ever aroused suspicion from the airport security service. A good anti-fraud system works the same way: at some point it “understands” what actions are typical for a person, and once again does not bother him with increased attention.

Actually, what conclusion can be drawn by summarizing all the wishes for an ideal anti-fraud system? An ideal anti-fraud system should delay as many incidents as possible, but at the same time not prevent reliable customers from carrying out transactions.

CNews: Is this wish recorded in numbers? What percentage of preventing incidents and false alarms is considered optimal, and most importantly, realistic today?

Boris Dyakonov: If we focus on Western statistics, then the requirements for systems are as follows: interception - 70-90%, false positive rate - 1 in 30 (metaphorically speaking, you need to search 29 innocent people to catch one thief). They are striving to achieve approximately the same figures in Russia.

CNews: 70-90% of incidents intercepted, that is, 10-30% missed? Isn't the percentage too high?

Boris Dyakonov: 100% is ideal, but hardly achievable. Simply because the number of “innocently searched” will be significantly increased - almost to the same 100%. Compromise is always necessary.

CNews: What was the impetus for initiating the project to create an anti-fraud system in your bank? Has any solution been implemented previously?

Boris Dyakonov: No, this is the first anti-fraud system in Bank24.ru. Our business is growing: today already 10% of small and medium-sized businesses in Russian cities with a population of over a million are our clients. The moment has come when it is no longer possible to do without a competent, specialized solution to combat fraud.

CNews: Your project is one of the first implementations of the NICE Actimize product in Russia. Why was this particular solution chosen?

Boris Dyakonov: NICE Actimize is an industrial solution. But the main factor, perhaps, is the expertise of both the vendor and the integrator, acting as a distributor and an active participant in the implementation. NICE Systems is a world leader in anti-fraud solutions. This is a company from Israel. The operating logic of the system proposed by the vendor is based on Israeli developments. This country has a rich scientific school that supports the intelligence services. It is focused on deep analytics, heuristics, etc. An example of the unique work of Israeli specialists is the Tel Aviv airport security system, which is rightly considered number one in the world. Based on such examples, we considered that the solution, based on the developments of the Israeli intelligence services, is very reliable.

CNews: What is your new anti-fraud system? What modules does it consist of?

Boris Dyakonov: If you imagine it schematically, the system consists of a data warehouse, a rule base, a self-learning module - a “black box” that analyzes “terrorists”, assigns ratings to clients, etc. This module works in conjunction with the main system, making decisions on each transaction online and setting danger levels such as “Normal”, “Suspicious”, “Manual processing”, “Unambiguous blocking”, etc.

The performance of the created system today is 10 times higher than our current transaction performance, so the headroom is huge. We are now integrating the implemented solution with a scoring system (determining the client’s trustworthiness), and also using it for AML (anti-money laundering) purposes: the system evaluates how dubious both the transaction itself and the client carrying it out are.

CNews: Does the solution have any bonus tasks other than direct protection against fraud?

Boris Dyakonov: The system is useful because it allows you to keep a history of fraud. This is extremely important during the incident investigation process. Stopping an unreliable transaction and preventing it from being completed is not so bad. It is extremely important for the bank to analyze both the incident itself and the client who participated in it, compare his data, find out, for example, what kind of relationship he has with law enforcement agencies, etc. Intercepting a “bad” transaction is only the beginning of the anti-fraud system.

CNews: What requirements are placed on the infrastructure when implementing this solution?

Boris Dyakonov: There were no special requirements, everything was standard: an open homogeneous architecture with the ability to integrate the solution. Yes, it was necessary to install a certain number of additional pieces of equipment, but the architecture did not have to be changed.

CNews: How long did the project last?

Boris Dyakonov: About 5-6 months passed from the start of the implementation project to the first launch of the system. The rest of the time, about a year, was spent correcting the data. It was necessary to clean the information flow so that it corresponds exactly to the parameters that the system is capable of processing: duplicate data was removed, and it was also verified that the data was uploaded correctly. Next, we set certain rules and parameterized the system. Actually, the project to create it can be considered completed. But only conditionally. The anti-fraud solution needs constant improvement and continuous updating of the rules.

CNews: What difficulties did you encounter during the implementation process?

Boris Dyakonov: Perhaps the most difficult stage was the definition of the rules. The process itself is clear: prohibit “bad” operations and allow “good” ones, but how to correctly set the signs by which fraud will be identified, how to set up analytics of previous cases of fraud, and most importantly, how to guess the vector of development of the attackers’ thoughts? This requires a lot of experience and knowledge. Such work to determine the parameters of anti-fraud system filters is rightly considered one of the most difficult in the IT industry.

CNews: What are the advantages of your partner, DIS Group? How would you characterize your collaboration?

Boris Dyakonov: The DIS Group team managed to understand what the business needed. It is most important. The solution that was built specializes specifically in the tasks of our bank, our business. In addition, DIS Group's technical expertise is simply impressive. In those areas that required specialized knowledge of the product, a vendor was involved; we used video conferencing to communicate with Israeli experts. In total, about 20 people took part in the project, 10 of them from the bank.

CNews: Is it planned to develop the project?

Boris Dyakonov: What we have implemented is not an IT project in its pure form. This is a complex, cross-functional project. Its success is only possible if there is an understanding that the implementation of this solution is not just the purchase and configuration of a certain product, but a whole series of procedures carried out during the entire cycle of operation of the anti-fraud solution. The development of the project consists of keeping the system up to date. The world does not stand still, especially a fraudulent one, so the solution needs constant improvements related to the definition of new rules and parameters that are oriented towards natural changes in the outside world.

(c) Maria Chimirichkina
 